'WallEscape' Linux vulnerability exposes user passwords

Security researchers have discovered a new vulnerability in the util-linux core utility package on Linux systems, warning that it allows attackers to steal user passwords and modify the clipboard.

The security flaw, identified as CVE-2024-28085 and dubbed ‘WallEscape’, affects the util-linux ‘wall’ command, which fails to filter escape sequences from command line arguments. An attacker could embed escape sequences in crafted messages and send them with the ‘wall’ command, allowing them to leak passwords and modify commands if certain conditions are met.

“This allows unprivileged users to put arbitrary text on other users’ terminals, if mesg is set to y and wall is setgid,” said security researcher Skyler Ferrante.
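The missing filtering step described above, sketched as an added C example (not code from util-linux or from the researcher): a hypothetical helper, `tty_sanitize`, renders control bytes in visible caret or hex notation before text reaches another user's terminal. The sample message in `main` is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (added example, not the util-linux fix):
 * copy `in` to `out`, making terminal control bytes visible and inert.
 * Returns bytes written (excluding NUL), or (size_t)-1 if `out` is too small. */
size_t tty_sanitize(const char *in, char *out, size_t outsz)
{
    size_t o = 0;

    if (outsz == 0)
        return (size_t)-1;
    for (const unsigned char *p = (const unsigned char *)in; *p; p++) {
        char tmp[5];
        size_t n;

        if (*p == '\n' || *p == '\t' || (*p >= 0x20 && *p < 0x7f)) {
            tmp[0] = (char)*p;                 /* printable ASCII: copy as-is */
            n = 1;
        } else if (*p < 0x20) {
            tmp[0] = '^';                      /* C0 control: ESC becomes "^[" */
            tmp[1] = (char)(*p + 0x40);
            n = 2;
        } else if (*p == 0x7f) {
            tmp[0] = '^';                      /* DEL becomes "^?" */
            tmp[1] = '?';
            n = 2;
        } else {
            /* 8-bit bytes, including the C1 CSI byte 0x9b: show as \xHH.
             * Simplification: this also escapes legitimate UTF-8 text. */
            n = (size_t)snprintf(tmp, sizeof tmp, "\\x%02x", *p);
        }
        if (o + n >= outsz)                    /* keep room for the NUL */
            return (size_t)-1;
        memcpy(out + o, tmp, n);
        o += n;
    }
    out[o] = '\0';
    return o;
}

int main(void)
{
    /* Constructed sample: colour and clear-screen sequences around text. */
    const char *msg = "\033[31mhello\033[2J\n";
    char buf[128];

    if (tty_sanitize(msg, buf, sizeof buf) != (size_t)-1)
        fputs(buf, stdout);                    /* sequences arrive as plain text */
    return 0;
}
```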
